git://git.exim.org
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
GnuTLS: lose DH-param setup, for recent library versions where no longer needed
[exim.git]
/
doc
/
doc-docbook
/
spec.xfpt
diff --git
a/doc/doc-docbook/spec.xfpt
b/doc/doc-docbook/spec.xfpt
index d7e8fe0c422bbe64e2f00eb4e19a0723eb1e0af7..c0c7bdc80e487e02d6c89a0a2d336020a0b700a2 100644
(file)
--- a/
doc/doc-docbook/spec.xfpt
+++ b/
doc/doc-docbook/spec.xfpt
@@
-17736,7
+17736,14
@@
larger prime than requested.
The value of this option is expanded and indicates the source of DH parameters
to be used by Exim.
The value of this option is expanded and indicates the source of DH parameters
to be used by Exim.
-&*Note: The Exim Maintainers strongly recommend using a filename with site-generated
+.new
+&*Note: This option is ignored for GnuTLS version 3.6.0 and later.
+The library manages parameter negitiation internally.
+.wen
+
+&*Note: The Exim Maintainers strongly recommend,
+for other TLS braries,
+using a filename with site-generated
local DH parameters*&, which has been supported across all versions of Exim. The
other specific constants available are a fallback so that even when
"unconfigured", Exim can offer Perfect Forward Secrecy in older ciphersuites in TLS.
local DH parameters*&, which has been supported across all versions of Exim. The
other specific constants available are a fallback so that even when
"unconfigured", Exim can offer Perfect Forward Secrecy in older ciphersuites in TLS.
@@
-17832,7
+17839,10
@@
Certificate Authority.
Usable for GnuTLS 3.4.4 or 3.3.17 or OpenSSL 1.1.0 (or later).
Usable for GnuTLS 3.4.4 or 3.3.17 or OpenSSL 1.1.0 (or later).
-For GnuTLS 3.5.6 or later the expanded value of this option can be a list
+.new
+For OpenSSL 1.1.0 or later, and
+.wen
+for GnuTLS 3.5.6 or later the expanded value of this option can be a list
of files, to match a list given for the &%tls_certificate%& option.
The ordering of the two lists must match.
of files, to match a list given for the &%tls_certificate%& option.
The ordering of the two lists must match.
@@
-41029,7
+41039,9
@@
Events have names which correspond to the point in process at which they fire.
The name is placed in the variable &$event_name$& and the event action
expansion must check this, as it will be called for every possible event type.
The name is placed in the variable &$event_name$& and the event action
expansion must check this, as it will be called for every possible event type.
+.new
The current list of events is:
The current list of events is:
+.wen
.display
&`dane:fail after transport `& per connection
&`msg:complete after main `& per message
.display
&`dane:fail after transport `& per connection
&`msg:complete after main `& per message
@@
-41043,6
+41055,7
@@
The current list of events is:
&`tcp:close after transport `& per connection
&`tls:cert before both `& per certificate in verification chain
&`smtp:connect after transport `& per connection
&`tcp:close after transport `& per connection
&`tls:cert before both `& per certificate in verification chain
&`smtp:connect after transport `& per connection
+&`smtp:ehlo after transport `& per connection
.endd
New event types may be added in future.
.endd
New event types may be added in future.
@@
-41069,6
+41082,7
@@
with the event type:
&`msg:host:defer `& error string
&`tls:cert `& verification chain depth
&`smtp:connect `& smtp banner
&`msg:host:defer `& error string
&`tls:cert `& verification chain depth
&`smtp:connect `& smtp banner
+&`smtp:ehlo `& smtp ehlo response
.endd
The :defer events populate one extra variable: &$event_defer_errno$&.
.endd
The :defer events populate one extra variable: &$event_defer_errno$&.